Context Navigation

source: protocols/ssl_sspi.c @ 51a4ffb

Last change on this file since 51a4ffb was 51a4ffb, checked in by Jelmer Vernooij <jelmer@…>, at 2006-05-25T09:55:00Z
Some more work on SSL on Windows
Property mode set to `100644`
File size: 6.2 KB

Rev	Line
[e3fb678]	1	/********************************************************************\
	2	* BitlBee -- An IRC to other IM-networks gateway *
	3	* *
	4	* Copyright 2002-2004 Wilmer van der Gaast and others *
	5	\********************************************************************/
	6
	7	/* SSL module - SSPI backend */
	8
	9	/* Copyright (C) 2005 Jelmer Vernooij <jelmer@samba.org> */
	10
	11	/*
	12	This program is free software; you can redistribute it and/or modify
	13	it under the terms of the GNU General Public License as published by
	14	the Free Software Foundation; either version 2 of the License, or
	15	(at your option) any later version.
	16
	17	This program is distributed in the hope that it will be useful,
	18	but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	GNU General Public License for more details.
	21
	22	You should have received a copy of the GNU General Public License with
	23	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
	24	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
	25	Suite 330, Boston, MA 02111-1307 USA
	26	*/
	27
	28	#include "ssl_client.h"
	29	#include <windows.h>
	30	#define SECURITY_WIN32
	31	#include <security.h>
	32	#include <sspi.h>
	33	#include <schannel.h>
	34
	35	static gboolean initialized = FALSE;
	36	int ssl_errno;
	37
	38	struct scd
	39	{
	40	int fd;
[80c1e4d]	41	ssl_input_function func;
[e3fb678]	42	gpointer data;
	43	gboolean established;
	44	int inpa;
	45	CredHandle cred; /* SSL credentials */
	46	CtxtHandle context; /* SSL context */
	47	SecPkgContext_StreamSizes sizes;
	48	};
	49
	50	static void ssl_connected( gpointer data, gint source, GaimInputCondition cond );
	51
	52	void sspi_global_init( void )
	53	{
	54	/* FIXME */
	55	}
	56
	57	void sspi_global_deinit( void )
	58	{
	59	/* FIXME */
	60	}
	61
[80c1e4d]	62	void ssl_connect( char host, int port, ssl_input_function func, gpointer data )
[e3fb678]	63	{
	64	struct scd *conn = g_new0( struct scd, 1 );
	65	SCHANNEL_CRED ssl_cred;
	66	TimeStamp timestamp;
[51a4ffb]	67	SecBuffer ibuf[2],obuf[1];
	68	SecBufferDesc ibufs,obufs;
	69	ULONG req = ISC_REQ_REPLAY_DETECT \| ISC_REQ_SEQUENCE_DETECT \|
	70	ISC_REQ_CONFIDENTIALITY \| ISC_REQ_USE_SESSION_KEY \|
	71	ISC_REQ_ALLOCATE_MEMORY \| ISC_REQ_STREAM \| ISC_REQ_EXTENDED_ERROR \|
	72	ISC_REQ_MANUAL_CRED_VALIDATION;
	73	ULONG a;
[e3fb678]	74
	75	conn->fd = proxy_connect( host, port, ssl_connected, conn );
	76	conn->func = func;
	77	conn->data = data;
	78	conn->inpa = -1;
	79
	80	if( conn->fd < 0 )
	81	{
	82	g_free( conn );
	83	return( NULL );
	84	}
	85
	86	if( !initialized )
	87	{
	88	sspi_global_init();
	89	initialized = TRUE;
	90	atexit( sspi_global_deinit );
	91	}
	92
	93	memset(&ssl_cred, 0, sizeof(SCHANNEL_CRED));
	94	ssl_cred.dwVersion = SCHANNEL_CRED_VERSION;
	95	ssl_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
	96
	97	SECURITY_STATUS st = AcquireCredentialsHandle(NULL, UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &ssl_cred, NULL, NULL, &conn->cred, &timestamp);
[51a4ffb]	98
	99	if (st != SEC_E_OK)
	100	return NULL;
	101
	102	do {
	103	/* initialize buffers */
	104	ibuf[0].cbBuffer = size; ibuf[0].pvBuffer = buf;
	105	ibuf[1].cbBuffer = 0; ibuf[1].pvBuffer = NIL;
	106	obuf[0].cbBuffer = 0; obuf[0].pvBuffer = NIL;
	107	ibuf[0].BufferType = obuf[0].BufferType = SECBUFFER_TOKEN;
	108	ibuf[1].BufferType = SECBUFFER_EMPTY;
	109
	110	/* initialize buffer descriptors */
	111	ibufs.ulVersion = obufs.ulVersion = SECBUFFER_VERSION;
	112	ibufs.cBuffers = 2; obufs.cBuffers = 1;
	113	ibufs.pBuffers = ibuf; obufs.pBuffers = obuf;
	114
	115	st = InitializeSecurityContext(&conn->cred, size?&conn->context:NULL, host, req, 0, SECURITY_NETWORK_DREP, size?&ibufs:NULL, 0, &conn->context, &obufs, &a, &timestamp);
	116	if (obuf[0].pvBuffer && obuf[0].cbBuffer) {
	117	send(conn->fd, obuf[0].pvBuffer, obuf[0].cbBuffer, 0);
	118	}
	119
	120	switch (st) {
	121	case SEC_I_INCOMPLETE_CREDENTIALS:
	122	break;
	123	case SEC_I_CONTINUE_NEEDED:
	124
	125	}
[e3fb678]	126
	127
[51a4ffb]	128	QueryContextAttributes(&conn->context, SECPKG_ATTR_STREAM_SIZES, &conn->sizes);
[e3fb678]	129
	130
	131	return( conn );
	132	}
	133
	134	int ssl_read( void conn, char retdata, int len )
	135	{
	136	struct scd *scd = conn;
	137	SecBufferDesc msg;
	138	SecBuffer buf[4];
	139	int ret = -1, i;
	140	char *data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
	141
	142	/* FIXME: Try to read some data */
	143
	144	msg.ulVersion = SECBUFFER_VERSION;
	145	msg.cBuffers = 4;
	146	msg.pBuffers = buf;
	147
	148	buf[0].BufferType = SECBUFFER_DATA;
	149	buf[0].cbBuffer = len;
	150	buf[0].pvBuffer = data;
	151
	152	buf[1].BufferType = SECBUFFER_EMPTY;
	153	buf[2].BufferType = SECBUFFER_EMPTY;
	154	buf[3].BufferType = SECBUFFER_EMPTY;
	155
	156	SECURITY_STATUS st = DecryptMessage(&scd->context, &msg, 0, NULL);
	157
	158	for (i = 0; i < 4; i++) {
	159	if (buf[i].BufferType == SECBUFFER_DATA) {
	160	memcpy(retdata, buf[i].pvBuffer, len);
	161	ret = len;
	162	}
	163	}
	164
	165	g_free(data);
	166	return( -1 );
	167	}
	168
	169	int ssl_write( void conn, const char userdata, int len )
	170	{
	171	struct scd *scd = conn;
	172	SecBuffer buf[4];
	173	SecBufferDesc msg;
	174	char *data;
	175	int ret;
	176
	177	msg.ulVersion = SECBUFFER_VERSION;
	178	msg.cBuffers = 4;
	179	msg.pBuffers = buf;
	180
	181	data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
	182	memcpy(data + scd->sizes.cbHeader, userdata, len);
	183
	184	buf[0].BufferType = SECBUFFER_STREAM_HEADER;
	185	buf[0].cbBuffer = scd->sizes.cbHeader;
	186	buf[0].pvBuffer = data;
	187
	188	buf[1].BufferType = SECBUFFER_DATA;
	189	buf[1].cbBuffer = len;
	190	buf[1].pvBuffer = data + scd->sizes.cbHeader;
	191
	192	buf[2].BufferType = SECBUFFER_STREAM_TRAILER;
	193	buf[2].cbBuffer = scd->sizes.cbTrailer;
	194	buf[2].pvBuffer = data + scd->sizes.cbHeader + len;
	195	buf[3].BufferType = SECBUFFER_EMPTY;
	196
	197	SECURITY_STATUS st = EncryptMessage(&scd->context, 0, &msg, 0);
	198
	199	ret = send(scd->fd, data,
	200	buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer, 0);
	201
	202	g_free(data);
	203
	204	return ret;
	205	}
	206
	207	void ssl_disconnect( void *conn )
	208	{
	209	struct scd *scd = conn;
	210
	211	SecBufferDesc msg;
	212	SecBuffer buf;
	213	DWORD dw;
	214
	215	dw = SCHANNEL_SHUTDOWN;
	216	buf.cbBuffer = sizeof(dw);
	217	buf.BufferType = SECBUFFER_TOKEN;
	218	buf.pvBuffer = &dw;
	219
	220	msg.ulVersion = SECBUFFER_VERSION;
	221	msg.cBuffers = 1;
	222	msg.pBuffers = &buf;
	223
	224	SECURITY_STATUS st = ApplyControlToken(&scd->context, &msg);
	225
	226	if (st != SEC_E_OK) {
	227	/* FIXME */
	228	}
	229
	230	/* FIXME: call InitializeSecurityContext(Schannel), passing
	231	* in empty buffers*/
	232
	233	DeleteSecurityContext(&scd->context);
	234
[51a4ffb]	235	FreeCredentialHandle(&scd->cred);
	236
[e3fb678]	237	closesocket( scd->fd );
	238	g_free(scd);
	239	}
	240
	241	int ssl_getfd( void *conn )
	242	{
	243	return( ((struct scd*)conn)->fd );
	244	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: